Cloudhub MuleSoft
HTTPS Endpoint
Michael Oakes
October 2016
Certification Process
A company can request a certificate from an authorized Certification
Authority (CA).
The Certification Authority validates the company requesting the certificate,
then creates and issues it a cryptographically signed certificate.
The company installs the issued, signed certificate on its server, which
sends it to connecting browsers as part of the HTTPS handshake process.
Browsers use the root certificates they are shipped with to verify that the
signed certificate sent by the server is correct and valid and can be
trusted.
[Diagram: Client, Proxy, API]
Use the Java JDK's keytool utility to generate a keystore for your service.
In your global Mule configuration, create an HTTPS connector that uses this keystore.
In your service endpoint, configure an HTTP listener that uses the HTTPS connector.
1. We create our keystore from the command line using the command below. This creates a keystore for us in the
form of a .jks file containing our private key and a self-signed public certificate. In the example below, the
KeyPassword and StorePassword can be either different passwords or the same one, but you need to take note of them
because they are provided as part of the HTTPS Connector configuration. The hostname must also be specified in the
ext parameter, which is 127.0.0.1 in our example below.
keytool -genkeypair -keystore keystore.jks \
  -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" \
  -keypass <KeyPassword> -storepass <StorePassword> \
  -keyalg DSA -sigalg SHA1withDSA -keysize 1024 -alias <MyAlias> \
  -ext SAN=DNS:localhost,IP:127.0.0.1 -validity 9999
2. The generated keystore should now be copied into a folder within your MuleSoft project that is included in the
project's classpath, such as /src/main/resources.
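A check to run on the keystore before deploying it, added here as an example and not part of the original slides. The keytool options shown above (DSA, 1024 bits, SHA1withDSA) produce a certificate with weak parameters; `-keyalg RSA -keysize 2048 -sigalg SHA256withRSA` is the stronger choice. The helper name `audit_listing` is hypothetical and both sample listings are constructed.

```bash
#!/usr/bin/env bash
# Added example: flag weak certificate parameters in `keytool -list -v` output.
# Real use: keytool -list -v -keystore keystore.jks | audit_listing

# Constructed listing excerpts (not captured output) for two keystores:
# one built with the options shown above, one built with RSA and SHA-256.
SAMPLE_WEAK='Alias name: myalias
Entry type: PrivateKeyEntry
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Signature algorithm name: SHA1withDSA
Subject Public Key Algorithm: 1024-bit DSA key'

SAMPLE_OK='Alias name: myalias
Entry type: PrivateKeyEntry
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key'

# Reads a verbose keystore listing on stdin and prints one finding per line
# as "<alias>: <problem>". Prints nothing when no weak parameter is found.
audit_listing() {
  awk '
    /Alias name:/ { alias = $3 }
    /Signature algorithm name:/ {
      # $4 is the algorithm; a trailing "(weak)" marker, if present, is ignored
      if ($4 ~ /^(MD2|MD5|SHA1)with/)
        print alias ": weak signature digest in " $4
    }
    /Subject Public Key Algorithm:/ {
      bits = $5; sub(/-bit$/, "", bits); alg = $6
      if (alg == "DSA")
        print alias ": DSA certificate, not supported by TLS 1.3"
      if ((alg == "RSA" || alg == "DSA") && bits + 0 < 2048)
        print alias ": " bits "-bit " alg " key is below 2048 bits"
    }
  '
}

# Demonstration on the constructed sample for the keystore generated above.
printf '%s\n' "$SAMPLE_WEAK" | audit_listing
```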
1. In Global Elements of your global.xml (or other Mule config file), create an HTTP Listener Configuration, setting
the Protocol to HTTPS and configuring the name, host and port either directly or by referencing a properties file:
<http:listener-config name="<ConfigName>" protocol="HTTPS" host="<Host>" port="<Port>" doc:name="HTTP Listener Configuration" />
2. Edit the Configuration XML to include the tls:context element below, which references the keystore. Ensure the keystore .jks
file is copied into the /src/main/resources folder of the project, as Mule will try to find the resource within the application
classpath. The password and keyPassword attributes should be set to the corresponding StorePassword and
KeyPassword values assigned when generating the keystore using keytool.
<http:listener-config name="<ConfigName>" protocol="HTTPS" host="<Host>" port="<Port>" doc:name="HTTP Listener Configuration" >
  <tls:context name="<ContextName>" doc:name="TLS Context">
    <tls:key-store path="<KeystoreFileName.jks>" password="<StorePassword>" keyPassword="<KeyPassword>" />
  </tls:context>
</http:listener-config>
Now configure an HTTP Listener in your service endpoint to use the HTTPS Listener Connector
we just created in the global Mule configuration. To do this, set the config-ref property to
reference the name property of our HTTPS Listener Connector. This should be available in the
Connector Configuration dropdown list on the properties form of the HTTP Listener.
<http:listener config-ref="<HTTPSListenerConnectorConfigName>" path="<APIURLPath>" doc:name="HTTPS" />
1. In Global Elements of your global.xml (or other Mule config file), create an HTTP Request Configuration, setting
the Protocol to HTTPS and configuring the name, host and port either directly or by referencing a properties file:
<http:request-config name="<ConfigName>" protocol="HTTPS" host="<Host>" port="<Port>" doc:name="HTTP Request Configuration" />
2. Edit the Configuration XML to include the tls:context element below, which references the keystore. Ensure the keystore .jks
file is copied into the /src/main/resources folder of the project, as Mule will try to find the resource within the application
classpath. The password and keyPassword attributes should be set to the corresponding StorePassword and
KeyPassword values assigned when generating the keystore using keytool.
<http:request-config name="<ConfigName>" protocol="HTTPS" host="<Host>" port="<Port>" doc:name="HTTP Request Configuration" >
  <tls:context name="<ContextName>" doc:name="TLS Context">
    <tls:key-store path="<KeystoreFileName.jks>" password="<StorePassword>" keyPassword="<KeyPassword>" />
  </tls:context>
</http:request-config>
Now configure an HTTP Request component in your service to use the HTTPS Request
Connector we just created in the global Mule configuration. To do this, set the config-ref
property to reference the name property of our HTTPS Request Connector. This should be
available in the Connector Configuration dropdown list on the properties form of the HTTP
Request.
<http:request config-ref="<HTTPSRequestConnectorConfigName>" path="<TARGETURLPath>" doc:name="HTTPS REQ" method="GET" followRedirects="true" parseResponse="false"/>